Police arrest two people in connection with a spam botnet called Lecpetex,
which targeted as many as 250,000 computers and used them to mine a
Bitcoin-like currency called Litecoin

Greek police have arrested two people in connection with a spam botnet called Lecpetex, which targeted as many as 250,000 computers and used them to mine a Bitcoin-like currency called Litecoin.

Facebook engineers discovered evidence of the attack before “battling and ultimately helping bring down” the botnet with the help of police officers. It had been using the social network as well as emails to spread, and had infected around 50,000 accounts.

In a blog post announcing the takedown, Facebook said: "Late last year, our abuse-fighting teams started to see a distinct new botnet. Based on statistics released by the Greek Police, the botnet may have infected as many as 250,000 computers. In addition, the Lecpetex authors appeared to have a good understanding of anti-virus evasion because they made continuous changes to their malware to avoid detection."

The malware had targeted Windows computers across the UK, Europe and North and South America. Owners would typically receive an email with a message such as “lol” and a .zip file attachment – those who opened the file were then infected with malware which installed a Litecoin miner.

The malware was first identified by an automated system at Facebook which spotted a higher-than-normal number of messages coming from Greece in December last year. In April this year the company took down key accounts and infrastructure that the hackers used to extract money from victims, before referring the matter to Greek police.

In May the hackers taunted Facebook staff by leaving messages on company servers, such as “Hello people.. :) <!-- Designed by the SkyNet Team --> but am not the f***ing zeus bot/skynet bot or whatever piece of sh*t.. no fraud here.. only a bit of mining. Stop breaking my ballz..”

On July 3 Greek police announced that they had taken two people alleged to be behind the attacks into custody.

Facebook added: "Staying ahead of the latest threats is a complex job, and Lecpetex was a particularly persistent malware family. We would like to thank the Head of the Greek Cyber Crime Division and the police officers involved for the professionalism they showed while investigating this malware.

"As we take down botnets like Lecpetex, we learn more about malware techniques — and we build that knowledge directly into our systems to help make people using our platform even safer and more secure."